822386b5dc07b8dbf20f6580cffe827ba25df485b3dcf31a42bc90f3b2fdf64d

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ef19418d1dc34d400736d1482f1e7b8_JaffaCakes118.html
Size

70KB
MD5

2ef19418d1dc34d400736d1482f1e7b8
SHA1

dae69eb1d8a23fac8dcf8dd7a5796ef6aa5e2cd8
SHA256

822386b5dc07b8dbf20f6580cffe827ba25df485b3dcf31a42bc90f3b2fdf64d
SHA512

3ee9704f0852b355216699576bd7d18cca3d5cef3ad5a88a6945b705988561d0d997dde04f9018cc67221762fcaf7e04942b54be19d9132ba96f562823cd57de
SSDEEP

1536:Sx1RyBHrbP8qGCQwLonzVusOQ8vL0DOofBN:vBLwqxLonzVus58vL0DOQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2436	msedge.exe
2436	msedge.exe
3572	msedge.exe
3572	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3572 wrote to memory of 1424	3572	msedge.exe	83
PID 3572 wrote to memory of 1424	3572	msedge.exe	83
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 3476	3572	msedge.exe	84
PID 3572 wrote to memory of 2436	3572	msedge.exe	85
PID 3572 wrote to memory of 2436	3572	msedge.exe	85
PID 3572 wrote to memory of 4380	3572	msedge.exe	86
PID 3572 wrote to memory of 4380	3572	msedge.exe	86
PID 3572 wrote to memory of 4380	3572	msedge.exe	86
PID 3572 wrote to memory of 4380	3572	msedge.exe	86
PID 3572 wrote to memory of 4380	3572	msedge.exe	86
PID 3572 wrote to memory of 4380	3572	msedge.exe	86
PID 3572 wrote to memory of 4380	3572	msedge.exe	86
PID 3572 wrote to memory of 4380	3572	msedge.exe	86
PID 3572 wrote to memory of 4380	3572	msedge.exe	86
PID 3572 wrote to memory of 4380	3572	msedge.exe	86
PID 3572 wrote to memory of 4380	3572	msedge.exe	86
PID 3572 wrote to memory of 4380	3572	msedge.exe	86
PID 3572 wrote to memory of 4380	3572	msedge.exe	86
PID 3572 wrote to memory of 4380	3572	msedge.exe	86
PID 3572 wrote to memory of 4380	3572	msedge.exe	86
PID 3572 wrote to memory of 4380	3572	msedge.exe	86
PID 3572 wrote to memory of 4380	3572	msedge.exe	86
PID 3572 wrote to memory of 4380	3572	msedge.exe	86
PID 3572 wrote to memory of 4380	3572	msedge.exe	86
PID 3572 wrote to memory of 4380	3572	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2ef19418d1dc34d400736d1482f1e7b8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff54f946f8,0x7fff54f94708,0x7fff54f94718
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14077299564704246910,3714389598474156112,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,14077299564704246910,3714389598474156112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,14077299564704246910,3714389598474156112,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14077299564704246910,3714389598474156112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14077299564704246910,3714389598474156112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14077299564704246910,3714389598474156112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14077299564704246910,3714389598474156112,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2940 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
74201924d433e801866897e7ee01b12e

SHA1
6abb30e07e5648a422db85bf13f83a8cbcac3857

SHA256
148fca68ef3f7961a6377d6a09da1191ad0931959f875f70cc6a29d32169b890

SHA512
e2f81b44f5f33cc9619befdd9b6ff183fa11dc4dae4fcb1e65b1e9d7560e14bcfe8bd840a1982271ac99fd563388b2ccd5545017c9e7cdee8c0e466b77d6d0b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2dafed4be6f2090e110a496a4d4e0fe0

SHA1
db8d3f741bfde2bbf218841aa0f081a027a500a1

SHA256
9dfb7fe1384a979dd0b9df301ec0fdcc5c05304560689589c9c9e787da5869db

SHA512
e00b35ea03af0bac2e68bf770e7a3914e7d61d10e7d82d5225bbbfc2f0356e2b3e7e185392ea4c4e7416a45bde193ad0916e463e099f6dee39c46ea4ea428c07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e2299065806d6e00b6cde172a687ad42

SHA1
7ab86157494f82f6b0358cf036ad94110f10cb54

SHA256
7193a8d5ab7f1830d60f816d5e55366f2b9ea246d607cb961df40d4589ec300c

SHA512
b08c069e27fc0bcc99342353b4c8b621118f9fb60a233cbeba54c2acf2dae167c0d3d1cda0b15c7300c8361219e6745ef795fe5f455d5c4b6b76aa5fad906702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2bacec2d68fcae6e03df8b5301edb5ec

SHA1
c454d6652cf1e7b47d56e90851c5f9bbf261856d

SHA256
573f6bf76463e64ce2d8bf1038dd858e047457e60339e31a5a917df8677cc9f6

SHA512
83d025a8381f8c1acce4e7abc6cb3421ebe3d58c2e74585c276d9a46bc80e6981bf579dcd8279c3102f1ef82af71e28e1ba7b9ab2606181b24a3f5984acddf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3507f113a104042662ba0365dd8a8aad

SHA1
141240278798d3f4cd5334df9859c43121f4ce5b

SHA256
305f09eaca8fe9564ca7616187fb3dda612617d3e86881ba06389dbddf4e9bbf

SHA512
ef6baf53ad716ecbfd4dfb51cfcdc2a9b030e15eeba973b6f044cc536f9e181cde8d1c6c98ee0f4f057de81e83a6d3b17267659267a959b553cd0446a1da97da

Download Submit